CVE-2018-16196
published 2019-01-09CVE-2018-16196: Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 -…
PriorityP343high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EPSS
3.34%
87.1th percentile
Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver's communication via unspecified vectors.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yokogawa | b_m9000_vp | r6.03.01 – r8.01.90 | — |
| yokogawa | centum_cs_3000_entry_class | r3.05.00 – r3.09.50 | — |
| yokogawa | centum_cs_3000_firmware | r3.05.00 – r3.09.50 | — |
| yokogawa | centum_vp_entry_class | r4.01.00 – r6.03.10 | — |
| yokogawa | centum_vp_firmware | r4.01.00 – r6.03.10 | — |
| yokogawa | exaopc | r3.10.00 – r3.75.00 | — |
| yokogawa | fast_tools | r9.02.00 – r10.02.00 | — |
| yokogawa | plant_resource_manager | r2.06.00 – r3.31.00 | — |
| yokogawa | prosafe-rs | r1.02.00 – r4.02.00 | — |
| yokogawa_electric_corporation | multiple_yokogawa_products_that_contain_vnet_ip_open_communication_driver | — | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Yokogawa Vnet/IP Open Communication Driver
cisa_ics·2019-01-03·CVSS 7.5
[HIGH] Yokogawa Vnet/IP Open Communication Driver
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Yokogawa Vnet/IP Open Communication Driver
Last RevisedJanuary 03, 2019
Alert CodeICSA-19-003-02
## 1. EXECUTIVE SUMMARY
-
CVSS v7.5
- ATTENTION: Exploitable remotely/Low skill level to exploit
- Vendor: Yokogawa
- Equipment: Vnet/IP Open Communication Driver
- Vulnerability: Resource Management Error
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to cause Vnet/IP network communications to controlled devices to become unavailable.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following equipment and versions utilizing
GHSA
GHSA-r9jm-c64m-grf2: Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3
ghsa_unreviewed·2022-05-14
CVE-2018-16196 [HIGH] CWE-20 GHSA-r9jm-c64m-grf2: Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3
Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver's communication via unspecified vectors.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-01-09
Published